Forum

Hi,

Stumbled on one of the questions. Never knew that disassociation frames can be broadcast. Never read it in any of the books and is neither specified in IEEE 802.11-2007.

But, when I read through the internet, the information is correct - Disassociation frames can be broadcast by an AP (usually done if AP has to be brought down for maintenance).

Thanks and regards,

Pravin Goyal

An entire network can be disassociated/deauthenticated by using the broadcast mac (FF:FF:FF:FF:FF:FF) in place of a single STAs mac in the management frames.  This presents a pretty big security hole and was addressed in 802.11w-2009 with Management Frame Protection. By spoofing the AP an attacker could send the broadcast addressed disassociation frames and essentially shut down a wireless network.

Just because you cannot find something in the standards does not mean it is not allowed.

You have to remember that there is a lot of intentional "slack" in the 802.11 standards.   Unless you find that something is specifically forbidden, it has probably been used by some manufacturer, or at least tried.   

Some of these "holes" are used to differentiate one companies products from those of their competitors.

Howard makes a good point.   There is no requirement to follow an IEEE standard, it is not a regulatory document.  Even if something was explicitly forbidden in 802.11, a vendor could still implement it in their solution.  The basic goal of 802.11 is to present a common framework that, if adhered to, will allow devices to communicate successfully with each other.  The document even makes note of the fact that it does not contain any specific implementations, it contains the "what to do", not the "how to do it".